Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hey all, I have some questions regarding the Watchdog:
How can I monitor the activity of osquery's watchdog on my endpoints? I am querying many queries from my macs, however, some queries seem to not be reported and I wonder if it is due to watchdog, is there a way to monitor it?
I tried querying `osquery_schedule` table, there I can see the `blacklisted` column - which I assume, if it is `1` it means that the watchdog had stopped it the time before, but is this the only indication for the watchdog stoping a query?
Lastly, is the watchdog killing osquery when all queries are using too much resources, or is it stopping a specific query that is using too many resources? in other words - are other queries which are frequently scheduled with a large query in danger being aborted?